XZ Utils Backdoor Vulnerability (CVE-2024-3094) Advisory
abril 1, 2024
Overview NSFOCUS CERT recently detected that a backdoor vulnerability in XZ Utils (CVE-2024-3094) was disclosed from the security community, with a CVSS score of 10. Because the SSH underlying layer relies on liblzma, an attacker could exploit this vulnerability to bypass SSH authentication and gain unauthorized access to affected systems, allowing arbitrary code execution. After […]
NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability
março 1, 2024
Overview NSFOCUS received acknowledgments from the Microsoft Security Response Center (MSRC) for reporting Azure Database Service RCE Vulnerability. Azure Database for PostgreSQL – Flexible Server is a relational database service based on the open-source PostgreSQL database engine. It is a fully managed database-as-a-service that can handle mission-critical workloads, offering predictable performance, security, high availability, and dynamic […]
NSFOCUS Receives CNVD Outstanding Contribution Award for Original Vulnerability Submission
outubro 5, 2023
The CNVD (China National Vulnerability Database) platform recently initiated the 2022 annual technical group support unit’s capability assessment. A comprehensive assessment was conducted across six capability domains, including vulnerability collection, vulnerability discovery, big data analysis of vulnerability threat risks, vulnerability technical analysis, major vulnerability incident response, and collaborative teamwork. NSFOCUS was awarded the Outstanding Contribution […]
Adobe Security Bulletin for December 2018 Security Updates
dezembro 29, 2018
Overview
On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader. (mais…)Oracle October 2018 Critical Patch Update for All Product Families Threat Alert
outubro 22, 2018
Overview
On October 16, 2018, local time, Oracle released its quarterly security advisory of the Critical Patch Update (CPU) for the third quarter. The CPU fixes 301 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (mais…)